Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/1_SzZyq2obXjdTzemeJppGfjRxE.roa
File:                     1_SzZyq2obXjdTzemeJppGfjRxE.roa (raw, json)
Hash identifier:          LHDx4hdCnh61MdXiRXc5naL2lsnf5IHvU0LYvAEiOt4=
Subject key identifier:   D7:F4:B3:67:2A:B6:A1:B5:E3:75:3C:DE:99:E2:69:A4:67:E3:47:11
Certificate issuer:       /CN=38ca3f38d8e5a301eaf6924b924fe8f57aac690d
Certificate serial:       018CC5DC87079562F212BBE67D198C49250A
Authority key identifier: 38:CA:3F:38:D8:E5:A3:01:EA:F6:92:4B:92:4F:E8:F5:7A:AC:69:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OMo_ONjlowHq9pJLkk_o9XqsaQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/1_SzZyq2obXjdTzemeJppGfjRxE.roa
Signing time:             Mon 01 Jan 2024 16:30:13 +0000
ROA not before:           Mon 01 Jan 2024 16:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62027
IP address blocks:        185.97.134.0/24 maxlen: 24
                          185.97.135.0/24 maxlen: 24
                          2a00:cee5::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/OMo_ONjlowHq9pJLkk_o9XqsaQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/OMo_ONjlowHq9pJLkk_o9XqsaQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OMo_ONjlowHq9pJLkk_o9XqsaQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 04:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:87:07:95:62:f2:12:bb:e6:7d:19:8c:49:25:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38ca3f38d8e5a301eaf6924b924fe8f57aac690d
        Validity
            Not Before: Jan  1 16:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7f4b3672ab6a1b5e3753cde99e269a467e34711
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e9:da:47:8a:14:34:ff:f5:4c:a3:38:ac:b8:
                    64:3f:8d:f4:b9:16:bd:83:88:89:19:e9:4f:61:2b:
                    6a:2c:c9:d9:d0:a4:2f:d6:0e:bd:09:fd:32:3a:00:
                    dd:ed:c2:0b:77:bc:a3:a9:3b:7f:f7:cf:63:98:c4:
                    0f:08:c6:2a:cc:fb:d9:32:06:af:01:a5:34:fa:b6:
                    43:4c:47:2d:f1:ae:2a:3d:32:62:eb:2e:63:ce:18:
                    60:19:f7:1b:96:89:50:4e:9f:44:a2:61:b9:39:e2:
                    58:ee:da:03:3a:c4:4b:97:f6:be:8c:74:ab:12:74:
                    71:32:88:d5:12:af:76:66:8a:fa:3c:e1:05:42:8a:
                    4a:8c:b1:dc:27:ab:20:67:d1:f4:2f:71:b2:63:cf:
                    9a:55:d9:35:83:26:60:22:e7:52:6d:5c:ff:4b:2b:
                    6b:36:44:92:89:41:f3:e2:61:df:9c:ed:f3:d3:5a:
                    fc:0e:de:9d:09:80:ac:d1:a7:35:d0:c3:0f:53:b5:
                    2e:2d:8c:f7:dc:bd:37:b0:1a:c5:87:41:7e:ad:f9:
                    2d:0b:25:3f:08:22:b3:62:d4:13:08:04:95:b9:9b:
                    27:3b:13:2f:85:6d:05:46:29:c9:0f:f0:a9:49:65:
                    a7:e3:85:6e:d2:8f:21:20:e2:05:c9:df:64:3c:90:
                    b6:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:F4:B3:67:2A:B6:A1:B5:E3:75:3C:DE:99:E2:69:A4:67:E3:47:11
            X509v3 Authority Key Identifier:
                keyid:38:CA:3F:38:D8:E5:A3:01:EA:F6:92:4B:92:4F:E8:F5:7A:AC:69:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OMo_ONjlowHq9pJLkk_o9XqsaQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/1_SzZyq2obXjdTzemeJppGfjRxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/OMo_ONjlowHq9pJLkk_o9XqsaQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.134.0/23
                IPv6:
                  2a00:cee5::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:b8:28:81:13:4c:55:82:2e:e9:e5:0c:30:12:26:51:e7:cb:
         5d:94:fc:7e:72:ae:b0:18:05:19:b7:b9:01:cc:de:59:19:52:
         b1:77:a8:9c:7e:83:9d:0b:2c:69:1d:02:db:33:01:05:4e:fc:
         e8:e4:c8:8f:f4:af:ae:20:79:79:45:98:45:fc:53:a0:74:8f:
         24:4d:0a:3f:41:be:b5:11:64:1d:83:25:35:6a:99:b7:30:a7:
         6c:ff:c5:d8:10:8a:97:ad:89:d6:a0:36:a6:24:7a:72:d7:d7:
         e4:49:69:76:6b:80:9e:9d:7b:08:9c:56:65:a0:36:ee:09:d2:
         21:ab:bf:8d:cc:5e:86:af:dc:97:7a:a6:09:e9:37:76:6d:f4:
         cf:75:7a:97:4d:74:8e:78:7c:dd:70:a8:26:b2:98:90:8c:ec:
         78:c0:5f:2c:07:85:f3:5f:b2:35:62:4a:ad:27:a9:28:83:2f:
         c2:61:d2:29:86:05:85:0d:24:76:71:72:e3:bf:21:a8:80:b4:
         2b:17:bc:ae:82:6f:4b:62:28:ff:52:f5:ca:f2:16:01:0a:42:
         69:ab:0f:f7:20:88:de:ed:f8:b6:77:63:4b:1a:b1:86:9c:32:
         a3:9e:85:7d:2e:df:06:1a:92:67:03:d7:2f:2f:cd:08:f3:be:
         e9:4f:88:3c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3IcHlWLyErvmfRmMSSUKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4Y2EzZjM4ZDhlNWEzMDFlYWY2OTI0YjkyNGZlOGY1N2Fh
YzY5MGQwHhcNMjQwMTAxMTYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2Y0YjM2NzJhYjZhMWI1ZTM3NTNjZGU5OWUyNjlhNDY3ZTM0NzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmunaR4oUNP/1TKM4rLhkP430uRa9
g4iJGelPYStqLMnZ0KQv1g69Cf0yOgDd7cILd7yjqTt/989jmMQPCMYqzPvZMgav
AaU0+rZDTEct8a4qPTJi6y5jzhhgGfcblolQTp9EomG5OeJY7toDOsRLl/a+jHSr
EnRxMojVEq92Zor6POEFQopKjLHcJ6sgZ9H0L3GyY8+aVdk1gyZgIudSbVz/Sytr
NkSSiUHz4mHfnO3z01r8Dt6dCYCs0ac10MMPU7UuLYz33L03sBrFh0F+rfktCyU/
CCKzYtQTCASVuZsnOxMvhW0FRinJD/CpSWWn44Vu0o8hIOIFyd9kPJC2vQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNf0s2cqtqG143U83pniaaRn40cRMB8GA1UdIwQY
MBaAFDjKPzjY5aMB6vaSS5JP6PV6rGkNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT01vX09Oamxvd0hxOXBKTGtrX285WHFzYVEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9iYTY3NTUtNDI3My00OGUxLTg1ODIt
NzEyZmE2NWEyNWJhLzEvMV9Telp5cTJvYlhqZFR6ZW1lSnBwR2ZqUnhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9iYTY3NTUtNDI3My00OGUxLTg1ODItNzEyZmE2NWEyNWJh
LzEvT01vX09Oamxvd0hxOXBKTGtrX285WHFzYVEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuWGGMA0E
AgACMAcDBQAqAM7lMA0GCSqGSIb3DQEBCwUAA4IBAQAtuCiBE0xVgi7p5QwwEiZR
58tdlPx+cq6wGAUZt7kBzN5ZGVKxd6icfoOdCyxpHQLbMwEFTvzo5MiP9K+uIHl5
RZhF/FOgdI8kTQo/Qb61EWQdgyU1apm3MKds/8XYEIqXrYnWoDamJHpy19fkSWl2
a4CenXsInFZloDbuCdIhq7+NzF6Gr9yXeqYJ6Td2bfTPdXqXTXSOeHzdcKgmspiQ
jOx4wF8sB4XzX7I1YkqtJ6kogy/CYdIphgWFDSR2cXLjvyGogLQrF7yugm9LYij/
UvXK8hYBCkJpqw/3IIje7fi2d2NLGrGGnDKjnoV9Lt8GGpJnA9cvL80I877pT4g8
-----END CERTIFICATE-----